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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 04 August 2004 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) (3 Claim(s) 1-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-22 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) H The drawing(s) filed on 14 March 2001 is/are: a)B accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

Status of Claims 

1. Claims 1-22 are pending in the application. 

Claims 1-22 are rejected. 

Response to Amendment 

2. Applicant's arguments filed on 4 August 2004 in response to the office action mailed on 
5 May 2004 have been fully considered, but they are not persuasive. Therefore, the rejections 
made in the previous office action are maintained and restated below. 

Information Disclosure Statement 

3. The Information Disclosure Statement(s) received 4 August 2004 has been considered to 
the extent made possible by the translation of the abstract of the foreign patent publication. 
Please see attached PTO-1449(s). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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5. Claims l-7 5 9-15 and 17-21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rabeler (US 6,594,746) in view of Bandoo (US 3,803,559). 

As in claim 2, Rabeler discloses a system comprising: 

a monitor flag for indicating that a specified address space is accessed (Column 3, line 66 
to column 4, line 2; Fig. 6, element 71; column 5, lines 44-45), where it is readily apparent that 
the mode bit of Rabeler acts as a flag to indicate when the address space occupied by the system 
mode program is accessed for execution (Column 1, lines 33-43); 

an access permission address range setting register, for setting an address range in which 
an access is permitted, that is able to be set while the flag is set (i.e. while in system mode) 
(Column 1 line 66 to column 2, line 14; Fig. 3, element 32; column 4, lines 54-65); 

a judging means forjudging whether or not an access is carried out within the address 
range set during execution of software (i.e. a user program) (Fig. 3; column 4, lines 47-65); and 

control means for controlling an access with respect to a memory based on a result of the 
judging means (Fig. 3; column 4, lines 47-65). 

Rabeler does not teach an access permission setting register for setting whether or not an 
access with respect to an address other than the address range should be permitted, that is able to 
be set while the flag is set, nor does Rabeler teach that the memory access is controlled based on 
the content of the access permission setting access register as required by claim 2. 
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Rabeler also does not teach an interruption request signal generating means for 
generating an interrupt to a processing unit when accessing an address other than the address 
range while the access permission register is set so as not to permit access to an address outside 
the address range, whereupon a predetermined interrupt program is executed as required by 
claim 4. 

Bandoo teaches a system for inhibiting memory access based on an address range, 
comprising a protect check flip-flop (i.e. access permission setting register) that sets whether or 
not an access with the respect to an address other than the address range should be permitted, by 
overriding the result of an address range judging means such that memory access is controlled 
based on a result of the judging means and the content set by the access permission setting 
register (Fig. 3; column 3, line 57 to column 4, line 7). Bandoo teaches that by this mechanism, 
a supervisory program may be allowed to conveniently access all memory areas (Column 4, lines 
45-57). 

Regarding claim 2, it would have been obvious to one of ordinary skill in the art at the 
time of invention by applicant to incorporate the access permission setting register mechanism of 
Bandoo, in the system of Rabeler, in order to allow convenient access to all memory areas by a 
supervisory program as taught by Bandoo. 

Further regarding claim 2, because Rabeler teaches that all memory access inhibition 
registers can only be modified in system mode (i.e. when the monitor flag is set) (Column 2, 
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lines 32-34), it would have been obvious to only allow modification of the access permission 
setting register while in system mode. 

Claim 1 is rejected using the same rationale as for the rejection of claim 2. 

Claim 3 is rejected using the same rationale as for the rejection of claim 2, further noting 
that Rabeler teaches a system program for setting all registers associated with inhibition of 
memory access (Column 1, lines 40-43; column 2, lines 32-34), where it is readily apparent that 
the system program must be executed prior to the user program in order for the security relevant 
information to be effective, and that the user program executes subsequent to the system 
program. 

Bandoo further teaches a generating means for generating an interrupt to the processing 
system when access to an address other than the permitted address range while the protect check 
flip-flop (i.e. access permission register) is set so as not to permit access to an address outside the 
address range, whereupon an interrupt handling routine of the supervisory program is executed 
(Fig. 4; column 5, lines 13-34). Bandoo teaches that this may be used to inform an operator of 
the condition (Column 5, line 34). 

Regarding claim 4, it would have been obvious to one or ordinary skill in the art at the 
time of invention by applicant, to use the interrupt mechanism of Bandoo, in the system of 
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Rabeler, in order to notify an operator of an attempted access to an address outside the address 
range as taught by Bandoo. 

Claim 5 is rejected using the same rationale as for the rejection of claim 4 above. 

Claim 6 is rejected using the same rationale as for the rejection of claim 4, noting that 
Bandoo teaches the interrupt handling routine is part of the supervisory program (Column 5, 
lines 20-24). 

Claim 7 is rejected using the same rationale as for the rejection of claim 6 above. 

Claims 9-15 are rejected using the same rationale as for the rejection of claims 1-7 
respectively, where it is noted that Rabeler teaches that the memory comprises a rewritable non- 
volatile memory (Column 3, lines 7-19). 

Claim 17 is rejected using the same rationale as for the rejection of claim 1 above. 

Claim 18 is rejected using the same rationale as for the rejection of claim 2 above. 

Claim 19 is rejected using the same rationale as for the rejection of claim 3 above. 



Claim 20 is rejected using the same rationale as for the rejection of claim 4 above. 
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Claim 21 is rejected using the same rationale as for the rejection of claim 6 above. 

6. Claims 8, 16 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Rabeler (US 6,594,746) in view of Bandoo (US 3,803,559) as applied to claims 3 and 19 above, 
and further in view of Oppenheimer (David L. Oppenheimer et al, "Performance Signatures: A 
Mechanism for Intrusion Detection", 1997 Information Survivability Workshop - ISW'97). 

Rabeler and Bandoo are relied upon for the teachings relative to claims 3 and 19 as 

above. 

The combination of Rabeler and Bandoo does not teach a re-execution forbidding means 
for storing information indicating that an access is carried out beyond an access limit, wherein 
the control means controls the memory based on the information so that access is not carried out 
again beyond the access limit as required by claim 8. 

Oppenheimer teaches a general principle for survivability in a computer system subject to 
anomalous program behavior, where software components that are misbehaving are quarantined 
(i.e. prevented from re-executing) (Introduction, paragraph 1, lines 1-3). Oppenheimer defines 
one kind of anomalous behavior as a memory usage being outside a normal range (Section 1, 
paragraph 2, lines 1-9; Section 2, 1, lines 1-11). 
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Although Oppenheimer teaches anomalous program behavior in the context of a hostile 
attack, to one skilled in the art Oppenheimer' s teachings would suggest general principles 
applicable to any anomalous program behavior. Furthermore, it is readily apparent in 
Oppenheimer that an indication of anomalous behavior must be stored in order for the system to 
make reference to the condition during analysis of the anomalous behavior (Section 2.2). 

Regarding claim 8, it would have been obvious to one of ordinary skill in the art at the 
time of invention by applicant to prevent a program from re-executing (i.e. quarantine) based on 
information stored indicating anomalous memory usage as taught by Oppenheimer, in the system 
made obvious by the combination of Rabeler and Bandoo, where the anomalous behavior is an 
access beyond an access limit, in order to ensure survivability of the computer system against 
misbehaving software as taught by Oppenheimer. 

Claim 16 is rejected using the same rationale as for the rejection of claim 1 1 above. 

Claim 22 is rejected using the same rationale as for the rejection of claim 8 above. 

Response to Arguments 
7. Applicants arguments filed 4 August 2004 with respect to the rejection of claims 1-22 
under 35 USC § 103(a) have been fully considered but they are not persuasive. 
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Applicant argues that the mode bit of Rabeler is not analogous to "a flag indicating that a 
specified address space is accessed" (Page 3, paragraph 2). In support of this conclusion 
applicant asserts, "the mode bit . . . does not warn if address space is accessed" (Page 3, 
paragraph 2). 

Examiner is not persuaded. The claim does not recite a flag for providing a warning. 
Although the claims are interpreted in light of the specification, limitations from the specification 
are not read into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 
1993). 

Rabeler teaches a mode bit that when set to correspond to a user mode, disables access to 
particular segments of memory, whereas when set to a system mode all memory segments are 
accessible (Column 1, lines 31-39; column 1, line 57 to column 2, line 8). The mode bit of 
Rabeler is analogous to a flag according to an accepted definition of the term found at Internet 
address http://wombatdoc.ic.ac.uk/foldoc/foldoc.cgi?query=flag, the Free Online Dictionary of 
Computing (FOLDOC): 

"A variable or quantity that can take on one of two values; a bit> particularly one that 

is used to indicate one of two outcomes or is used to control which of two things is to be 

done. " 

Therefore, the mode bit of Rabeler may indeed be understood to be "a flag indicating that a 
specified address space is accessed". 
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Applicant further argues that the operation of the comparator in Rabeler is not analogous 
to "judging whether or not an access is carried out within an address range thus set during 
execution of a software," but rather that Rabeler teaches that the "comparator . . . compares an 
address limit in order to allow access" (Page 4, paragraph 1). 

Examiner disagrees with applicant's conclusion. The comparison of Rabeler can indeed 
be construed as a judgment according to an accepted definition of the term from Webster's 1913 
Dictionary available at http://www,hyperdictionary.com/search.aspx?define=judgment, 
hyperdictionary: 

"The operation of the mind, involving comparison and discrimination, by which a 
knowledge of the values and relations of things, whether of moral qualities, intellectual 
concepts, logical propositions, or material facts, is obtained " 
Furthermore, Rabeler teaches that the result of the comparison is used to inhibit a user program 
from part of a segment of memory (Column 5, lines 63-65). In other words, a comparison is 
made during execution of software (i.e. the user program) to inhibit access to a particular address 
range corresponding to the memory segment, and Rabeler may therefore be understood to teach 
"judging whether or not access is carried out within an address range thus set during execution of 
software." 

Conclusion 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1. 136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to John M Ross whose telephone number is (571) 272-4212. The 
examiner can normally be reached on M-F 8:00 AM - 4:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Mano Padmanabhan can be reached on (571) 272-4210. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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